Mirror of https://salsa.debian.org/freeipa-team/freeipa.git (synced 2024-12-25 08:21:05 -06:00)
3b007b7bba
The variable was None by default and set to /etc/ipa/dnssec/openssl.cnf for fedora only because the code is specific to the support of pkcs11 engine for bind. As a consequence ipa-backup had a "None" value in the list of files to backup and failed on Exception.

ipa-backup code is able to handle missing files, and the code using the pkcs11 engine is called only when NAMED_OPENSSL_ENGINE is set (only in fedora so far). It is safe to always define a value for DNSSEC_OPENSSL_CONF even on os where it does not exist.

The fix also improves the method used to verify that a path exists.

Fixes: https://pagure.io/freeipa/issue/8597
Reviewed-By: Alexander Bokovoy <abbra@users.noreply.github.com>
base
debian
fedora
fedora_container
redhat
rhel
rhel_container
suse
__init__.py
_importhook.py
constants.py
Makefile.am
osinfo.py
override.py.in
paths.py
README.md
services.py
setup.cfg
setup.py
tasks.py
IPA platform abstraction
The ipaplatform package provides an abstraction layer for supported Linux distributions and flavors. The package contains constants, paths to commands and config files, services, and tasks.
- base: abstract base platform
- debian: Debian- and Ubuntu-like
- redhat: abstract base for Red Hat platforms
- fedora: Fedora
- fedora_container: freeipa-container on Fedora
- rhel: RHEL and CentOS
- rhel_container: freeipa-container on RHEL and CentOS
- suse: OpenSUSE and SLES
[base]
  ├─ debian
  ├─[redhat]
  │  ├─ fedora
  │  │  └─ fedora_container
  │  └─ rhel
  │     └─ rhel_container
  └─ suse
(Note: Debian and SUSE use some definitions from Red Hat namespace.)
freeipa-container platform
The fedora_container and rhel_container platforms are flavors of the fedora and rhel platforms. These platform definitions are specifically designed for freeipa-container.
The FreeIPA server container implements a read-only container. Paths like /etc, /usr, and /var are mounted read-only and cannot be modified. The image uses symlinks to store all variable data like config files and LDAP database in /data.
- Some commands don't write through dangling symlinks. The IPA platforms for containers prefix some paths with /data.
- ipa-server-upgrade verifies that the platform does not change between versions. To allow upgrades of old containers, sysupgrade maps $distro_container to $distro platform.
- The container images come with authselect pre-configured with sssd with-sudo option. The tasks modify_nsswitch_pam_stack and migrate_auth_configuration are no-ops. ipa-restore does not restore authselect settings. ipa-backup still stores authselect settings in backup data.
- The --mkhomedir option is not supported.